Revision as of 11:12, 22 May 2009

As promised, INS provided a conference room and projector for 12-15 people (THANKS INS!) This was much appreciated by the 35 or so folks who showed up (guess we'll be a little more diligent about RSVPing next time!)

Introductions took place around the room and it looks like about 20% of the folks are non-technical (sales, management, business, governance), 40% are in security operations (pen-testing, security ops consulting), 40% SDLC folks (developers, QA, testers), with one or two Project Managers thrown in for good measure.

David Byrne gave a slideshow on testing for common security flaws (OWASP Top Ten), followed by a discussion about what we want to accomplish as a chapter and what the topic for the next meeting ought to be. The final decision was captured on Andy Lewis's iBook, which unfortunately turned to slag in the middle of the meeting. The consensus was to do the following:

1. Start at the beginning - with requirements and use-cases.

2. Leverage existing technologies and methodologies such as Active Directory and the security features of .Net.

3. Position our developers for success - figure out how to test effectively and correlate security testing failures with where developers ought to go to check their code.

4. Position our testers/QA for success - figure out how to test effectively without unnecessary delays.

5. Position our business for success - ensure that compliance is also addressed in the 3 areas above.

6. Build the case that ties the above activities to actual business value.

7. Figure out how to market this stuff so that it's not entirely about dollars and cents.

So... on January 17th there will be a talk about integrating security into the SDLC. In the meantime, we'll see if we can kick off a few use-cases via email collaboration.

After the meeting we hoisted a pint or two at some Irish pub around the corner from INS and a good time was had by all.

Many thanks to Scott and Rachael of INS for hosting the first meeting!

Original Meeting Announcement

The first OWASP meeting in Denver will be held at 6:30PM on November 15th. The presentation will be on web application testing methodology. The meeting will be held at INS offices near Belleview Ave & I-25. Mapquest & Google are not accurate.

7900 E. Union Avenue, Suite 930
Denver, CO 80237

Take I-25 to the Belleview exit

Turn East on Belleview Ave

Drive 2 blocks to S. Ulster St.

Turn North (left) on Ulster.

Drive to the end of the block and turn West (left) into the INS parking lot. It is directly across the street from McCormick & Schmick's Seafood Restaurant. If you reach Union, you've gone too far.